nuclei-templates/http/cnvd/2021/CNVD-2021-32799.yaml

id: CNVD-2021-32799

info:
  name: 360 Xintianqing - SQL Injection
  author: SleepingBag945
  severity: high
  description: |
    The Tianqing Terminal Security Management System, designed for government and enterprise use, faces a SQL injection vulnerability. This flaw could enable attackers to access sensitive database information.
  reference:
    - https://blog.51cto.com/u_9691128/4295047
    - https://www.cnvd.org.cn/patchInfo/show/270651
    - https://github.com/zan8in/afrog/blob/main/v2/pocs/afrog-pocs/CNVD/2021/CNVD-2021-32799.yaml
  metadata:
    verified: true
    max-request: 1
    fofa-query: app="360新天擎"
  tags: cnvd2021,cnvd,360,xintianqing,sqli

http:
  - method: GET
    path:
      - '{{BaseURL}}/api/dp/rptsvcsyncpoint?ccid=1'

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"reason":'
          - '"success"'
          - '"antiadwa":'
          - '"clientupgrade":'
        condition: and

      - type: word
        part: header
        words:
          - 'application/json'

      - type: status
        status:
          - 200
# digest: 4a0a0047304502206afa5e0d4549835bc2d4c5fb006f2fce414e37201594e6248fd2f11bd4b63b68022100b8de4f954a677c82dbcdbbc13d9201237fdfada40ff00767c561af267d0c1097:922c64590222798bb761d5b6d8e72950
Create CNVD-2021-32799.yaml 2023-08-21 14:56:59 +00:00			`id: CNVD-2021-32799`

			`info:`
			`name: 360 Xintianqing - SQL Injection`
			`author: SleepingBag945`
			`severity: high`
format update 2023-12-29 09:53:08 +00:00			`description: \|`
			`The Tianqing Terminal Security Management System, designed for government and enterprise use, faces a SQL injection vulnerability. This flaw could enable attackers to access sensitive database information.`
Create CNVD-2021-32799.yaml 2023-08-21 14:56:59 +00:00			`reference:`
			`- https://blog.51cto.com/u_9691128/4295047`
			`- https://www.cnvd.org.cn/patchInfo/show/270651`
			`- https://github.com/zan8in/afrog/blob/main/v2/pocs/afrog-pocs/CNVD/2021/CNVD-2021-32799.yaml`
			`metadata:`
			`verified: true`
			`max-request: 1`
templateman update 2023-10-14 11:27:55 +00:00			`fofa-query: app="360新天擎"`
auto tagging via templateman 2024-01-14 09:21:50 +00:00			`tags: cnvd2021,cnvd,360,xintianqing,sqli`
Create CNVD-2021-32799.yaml 2023-08-21 14:56:59 +00:00
			`http:`
			`- method: GET`
			`path:`
			`- '{{BaseURL}}/api/dp/rptsvcsyncpoint?ccid=1'`

			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`part: body`
			`words:`
			`- '"reason":'`
			`- '"success"'`
			`- '"antiadwa":'`
			`- '"clientupgrade":'`
			`condition: and`

			`- type: word`
			`part: header`
			`words:`
			`- 'application/json'`

			`- type: status`
			`status:`
			`- 200`
Auto Template Signing [Fri Jan 26 08:31:11 UTC 2024] :robot: 2024-01-26 08:31:11 +00:00			`# digest: 4a0a0047304502206afa5e0d4549835bc2d4c5fb006f2fce414e37201594e6248fd2f11bd4b63b68022100b8de4f954a677c82dbcdbbc13d9201237fdfada40ff00767c561af267d0c1097:922c64590222798bb761d5b6d8e72950`